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UNITED STATES OF AMERICA : AMENDED COMPLAINT 

-v . - : Violation of 

18 U.S.C. §§ 2511 & 2 

DONNCHA O ' CEARRBHAIL , : 

a/k/a "palladium," COUNTY OF OFFENSE: 

a/k/a "polonium," : NEW YORK 

a/k/a "anonsacco, " 

Defendant . 



SOUTHERN DISTRICT OF NEW YORK, SS . : 

GEORGE J. SCHULTZEL, being duly sworn, deposes and 
says that he is a Special Agent with the Federal Bureau of 
Investigation ( "FBI" ) , and charges : 

COUNT ONE 

1 . From in or about January 2012 , up to and 
including in or about February 2012 , in the Southern District o 
New York and elsewhere, DONNCHA O ' CEARRBHAIL , a/k/a "palladium, 
a/k/a "polonium, " a/k/a "anonsacco, " the defendant, willfully 
and knowingly, intentionally disclosed, and endeavored to 
disclose, to any other person the contents of any wire, oral, 
and electronic communication, knowing and having reason to know 
that the information was obtained through the interception of a 
wire, oral and electronic communication in violation of Title 
18 , United States Code, Section 2511 (1) , to wit, the defendant, 
while in Ireland, unlawfully and intentionally recorded a 
telephone conference call between law enforcement officers in 
the United States and law enforcement officers in the United 
Kingdom and then provided copies of that recording to 
individuals in New York, New York and elsewhere . 



(Title 18, United States Code, Sections 2511 (1) (c) & 2 . ) 



The bases for my knowledge and for the foregoing 
charges are, in part, as follows: 

2 . I have been a Special Agent with the FBI for 
approximately two years and have been involved in the 
investigation of this matter. I am familiar with the facts and 
circumstances set forth below from my personal participation in 
the investigation, including my examination of reports and 
records, and my conversations with law enforcement officers and 
other individuals. Because this affidavit is being submitted 
for the limited purpose of establishing probable cause, it does 
not include all the facts that I have learned during the course 
of the investigation . Where the contents of documents and the 
actions , statements and conversations of others are reported 
herein, they are reported in substance and in part, unless noted 
otherwise , 

BACKGROUND ON ANONYMOUS , LULZSEC AND ANTISEC 

3 . Since in or about 2010 , the FBI has been involved 
in the investigation of a loose confederation of computer 
hackers and others known as "Anonymous , " and its affiliated 
groups . Since at least in or about 2008 , certain members of 
Anonymous have waged a deliberate campaign of online 
destruction, intimidation, and criminality, as part of which 
they have carried out cyber attacks against businesses and 
government entities in the United States and throughout the 
world. Between in or about December 2010 and in or about May 
2011, one group of individuals affiliated with Anonymous who 
engaged in such criminal conduct was composed of elite computer 
hackers who collectively referred to themselves as "Internet 
Feds . " In or about May 2011 , certain members of Internet Feds 
formed and became the principal members of a new hacking group , 
"Lulz Security" or "LulzSec . " Then, in or about June 2012 , 
certain individuals who were affiliated with Anonymous , Internet 
Feds , and/ or LulzSec , j oined with other computer hackers to 
create a new hacking group called "Operation Anti-Security, " or 
"AntiSec . " AntiSec has , among other things , publicly encouraged 
cyber attacks on government - re lat ed entities . In addition, 
AntiSec has publicly claimed responsibility for, among other 
things, the intrusion into, and subsequent release of data 
stolen from, computer systems used by more than 50 police 
departments in the United States and an intrusion into the 
computer systems of the North Atlantic Treaty Organization 

( "NATO ,# ) . 
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THE INVESTIGATION 



4. Based on my participation in this investigation, 
I know that a computer hacker who was, at various times, 
affiliated with Anonymous and other computer hacking 
organizations (the "CW" ) , was arrested by the FBI, and agreed to 
cooperate with the Government's investigation in the hope of 
receiving a reduced sentence. The CW has pleaded guilty to 
various charges, including charges relating to computer hacking, 
pursuant to a cooperation agreement with the Government. The 
information provided by the CW has been shown to be accurate and 
reliable and is corroborated by other information developed in 
this investigation. While acting under the direction of the 
FBI , the CW has communicated with other computer hackers and 
received information from those hackers regarding their hacking 
activities . 

5 . Based in part on information provided to the FBI 
by An Garda Slochana, the National Police Service of Ireland 
(the "Garda" ) , I know that in or about December 2 011/ January 
2012 , the personal Gmail webmail accounts of two Garda officers 
(the "Garda Officers" ) were compromised by a computer hacker 
(the "Compromised Gmail Accounts" ) . I also know that one of the 
Garda Officers whose accounts were compromised routinely sent 
email messages from an official Garda email account to one of 
the Compromised Gmail Accounts . 

6 . Based on information provided by the CW, and 
based on records from the FBI ' s email system, I know that in or 
about J anuary 2012 , email messages were circulated among various 
FBI agents and foreign law enforcement officers , including law 
enforcement officers in Ireland, for the purpose of scheduling a 
conference call on J anuary 17 , 2012 to discuss law enforcement 
investigations of Anonymous and other hacking groups . These 
email messages contained a telephone number and passcode that 
was to be used to access the conference call . Based upon 
information provided by the Garda to the FBI , I know that one of 
the Garda Officers forwarded these emails to one of the 
Compromised Gmail Accounts . 

7 . Based on information provided by the CW, and 
based on a transcript of Internet chats recorded by the FBI, I 
know that on or about January 14, 2012 , an individual using the 
online nickname "anonsacco" and the CW exchanged Internet chat 
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messages in a private Internet chatroom. 1 According to the 
transcript of that chat, anonsacco stated, "Hi mate. Could I 
ask you for help? I need to intercept a conference call which 
would be a very good leak. I have acquired info about the time, 
phone number, and pin number for the conference call. I just 
don't have a good VOIP [ 2 ] setup for actually calling in to record 
it . " Anonsacco then stated, "If you could help me, I am happy 
to leak the call to you solely. I guarantee it will be of 
interest! !" Anonsacco further stated that the call was on 
"Tuesday" [which would be January 17, 2012] , and that "I want to 
test everything out before hand. I don't want to miss this 
call!!" and "This will be epic!" 

8. Based on a recording to which I have listened, 
and based on my conversations with an FBI agent who spoke with 
several participants in the call , I know that the January 17 , 
2012 law enforcement conference call ("the Conference Call" ) in 
fact occurred. During the Conference Call , several FBI agents , 
some of whom were in the United States at the time of the call, 
and foreign law enforcement agents , who were in the United 
Kingdom at the time of the call, engaged in discussion of 
various matters related to the investigation of Anonymous and 
affiliated computer hacking groups . Among other things that 
were discussed was the investigation being conducted by the FBI 
in New York . 

9. Based on information provided by the CW, and 
based on a transcript of Internet chats recorded by the FBI, I 
know that on or about J anuary 28 , 2012 , anonsacco exchanged 
Internet chat messages with the CW in a private Internet 
chatroom. According to the transcript of that chat, anonsacco 
stated, "Hey mate . Would you like a recording of a call between 
SOCA [ 3 ] and the FBI regarding anonymous and lulzsec?" Anonsacco 



1 All the Internet chats involving the CW that are detailed in 
this Complaint were recorded by the FBI with the CW' s consent . 

2 Based on my training, experience, and familiarity with this 
investigation, I know that "VOIP" stands for "Voice Over 
Internet Protocol, " a popular means by which individuals may 
place telephone calls over the Internet . Skype is a popular 
provider of VOIP services . 

3 Based on my training, experience, and familiarity with the 
investigation, I know that SOCA is an acronym for the Serious 
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further stated, "I think we need to hype it up . Let the feds 
think we have been recording their calls . They will be paranoid 
that none of their communications methods are safe or secure 
from Anon [Anonymous] " and w It will hopefully cause lots of 
issues and affect the feds ability to communicate and cooperate 
around the world. " Anonsacco then provided to the CW, through a 
file sharing service on the Internet, a copy of the recording of 
the Conference Call. I have spoken with an FBI agent who has 
listened to this recording and who has spoken with several 
participants in the January 17, 2012 Conference Call, and that 
agent informs me that the recording is in fact of the Conference 
Call . At the times the CW chatted with anonsacco, as detailed 
above , and at the time that anonsacco provided the recording of 
the Conference Call to the CW, the CW was in New York, New York . 

10 . Based on my review of YouTube .com, a popular 
Internet video sharing website, I know that , on or about 
February 3 , 2012 , an individual using the online nickname 
"TheDigital folklore" posted an audio file of the Conference Call 
to the YouTube website . The video image associated with the 
recording bore a symbol associated with AntiSec, as well as the 
word u AntiSec . " The recording on YouTube is available to the 
general public . 

IDENTIFICATION OF THE DEFENDANT 

11 . As detailed below, I know that anonsacco is 
DONNCHA O'CEARRBHAIL, a/k/a ^palladium, " a/k/a "polonium, 11 a/k/a 
"anonsacco, " the defendant, a resident of Ireland, for the 
following reasons : 

a. Based on my conversations with other FBI 
agents and my review of documents related to the investigation, I 
know that in early J anuary 2011, a computer network that hosted 
the website of Fine Gael , an Irish political party, was hacked 
and Fine Gael' s website was defaced with an Anonymous -related 
symbol and, among other things, the words "< owned [hacked] by 
Raepsauce and Palladium> . " I have spoken with another agent who 
has reviewed the contents, obtained pursuant to a search warrant 
obtained in the Southern District of New York, of a Facebook 
account held by a co- conspirator not named as a defendant herein. 
Based on my conversation with that agent , I have learned that on 



Organized Crime Agency, a law enforcement agency in the United 
Kingdom . 
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or about January 9 , 2 011 (around the time the Fine Gael website 
was defaced) , the user of the Facebook account received an 
electronic message from another Facebook user with the name 
"Donncha Carroll" [ "Carroll" is an English equivalent of the 
Gaelic u O' Cearrbhail" ] . The message from "Donncha Carroll" 
contained computer code which produces the same defacement as 
appeared on the Fine Gael website when it was defaced. 

b . Based on information provided by the CW, and 
based on a transcript of Internet chats recorded by the FBI, I 
know that on or about August 4 , 2011 , the CW and an individual 
using the online nickname "palladium" exchanged private chat 
messages over the Internet . During the chat , the CW and 
palladium discussed the theft of palladium' s online identity by 
another individual . Palladium inquired what he could do to prove 
his identity to the CW and stated, "I can post some info I have 
from really old opps , " meaning prior computer hacking activity. 
Palladium continued, "I can explain something about the sun" and 
"I can give you some info I still have from the first fox LFI 
[hack] . " 4 Later in the chat , the CW asked if a certain IP 
address 5 (the "Palladium IP Address" ) was used by palladium, to 



4 Based on my conversations with other FBI agents and my review 
of documents related to the investigation, I know that (1) in or 
about April 2011 , individuals affiliated with Internet Feds , 
including an individual using the online alias "palladium, " 
participated in a cyber attack on the website and computer 
network of Fox Broadcasting Company ( "Fox" ) , in which those 
individuals gained unauthorized access to Fox' s computer network 
and stole and publicly disclosed confidential information; and 
(2) in or about July 2011, individuals affiliated with LulzSec 
and AntiSec , including an individual using the online alias 
"palladium, " participated in a cyber attack on the website and 
computer network of The Sun, a British newspaper . Among other 
things , The Sun's website was defaced with a fake news article 
that referenced the word "palladium. " 

5 Internet Protocol ( "IP" ) addresses are unique numeric addresses 
used by computers on the Internet . An IP address looks like a 
series of four numbers , each in the range of 0-255 , separated by 
periods . Every computer connected to the Internet must be 
assigned an IP address so that Internet traffic sent from and 

di rec ted to that computer may be routed properly from its source 
to its destination. 
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which palladium responded that the "ip [address] looks like a 
wif i I connect from. " The CW also asked whether palladium uses 
"Perfect Privacy, " a virtual private network [ 6 ] service located 
in Germany, to which palladium responded, "yes I use that vpn. " 

c . Based on information provided to the FBI by 
the Garda , I know that on or about September 1 , 2011, Garda 
officers arrested DONNCHA O' CEARRBHAIL in Ireland 7 for his 
alleged participation, using the online nickname "palladium, " in 
connection with the Anonymous -related hack and defacement of the 
Fine Gael website in around January 2011 . Prior to 

O 1 CEARRBHAIL ' s arrest , the FBI had provided to the Garda certain 
chat logs obtained by the CW of communications in two online chat 
forums called "# sunny days" and "#babytech. " 8 Garda officers then 
showed certain of these chat logs to O' CEARRBHAIL during his 
post-arrest interview, in which 0' CEARRBHAIL admitted 
participating in the Fine Gael hack described above . 
O' CEARRBHAIL was released following his arrest pending 
consideration of charges against him. 

d . Based on information provided by the CW, and 
based on a transcript of Internet chats recorded by the FBI, I 
know that on or about November 12 , 2011 , the CW and an individual 
using the online nickname "polonium" exchanged private chat 
messages over the Internet . During the chat , polonium stated "I 
know for a fact the FBI has a large amount of log files" from a 
server associated with Anonymous , and that' "I was v& [ 9 ] " , to 

6 Based on my training, experience, and familiarity with the 
investigation, I know that a "virtual private network" or "VPN" 
service can be used by individuals to securely and anonymously 
access the Internet . 

7 Based on information provided by the Garda , I know that 
O' CEARRBHAIL is an Irish citizen who resides in Ireland. 

8 Based on my training, experience, and familiarity with this 
investigation, I know that "#sunnydays" and "#babytech" were 
chat channels used by individuals associated with Anonymous and 
affiliated hacking groups . #sunnydays was a restricted channel 
which required a password to enter . 

9 Based on my training, experience, and familiarity with this 
investigation, I know that "v&" or "vand" or "vanned" is 
Internet slang for being arrested, as in to be taken away in a 
police van. 
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which the CW responded, "no way. what makes you think that? , " to 
which polonium replied, "I was shown them during my 
interrogation. " The CW then asked, "like did you see raw logs or 
from channels?" , to which polonium responded, "# sunny days and 
#babytech at least . " Later in the conversation, the CW asked, 
"who is this?" to which polonium responded, "this is palladium." 

e . Based on information provided by the CW, and 
based on a transcript of Internet chats recorded by the FBI, I 
know that on or about January 9, 2012 , the CW and anonsacco 
exchanged Internet chat messages . During the chat , anonsacco 
stated, "I just got into the iCloud for the head of a national 
police cybercrime unit . I have all his contacts and can track 
his location 24/7 . " 10 Anonsacco then referenced "sunny days" , 
after which the CW inquired, "so who were you? if you know about 
! sunny days , " and "the channel name was leaked to feds . so 
clearly im interested in who you were, " to which anonsacco 
responded, "I understand it was leaked. That caused me a lot of 
hassle . Could you understand that I don't want to align myself 
with a compromised screenname?" The CW then asked, "hassle how? 
you got raided? or people doxed I 11 ] you?" Later, the CW asked, 
"so if you were raided, did they ask you about me?" , to which 
anonsacco responded, "No . Not you personally. " 

f . Pursuant to a court order, the FBI obtained 
information from Google regarding the Compromised Gmail Accounts . 
According to the records obtained from Google, and based on 
information provided by the Garda and the Garda Officers , it 
appears that in or about J anuary 2012 there were a total of 14 6 
instances in which an individual using the VPN service Perfect 
Privacy obtained unauthorized access to the Compromised Gmail 
Accounts . In addition, during this same time, there was at least 
one instance of unauthorized access to one of the Compromised 
Gmail Accounts by the Palladium IP Address , and several instances 
of unauthorized access by IP addresses allocated to the same 



10 Based on information provided by the Garda to the FBI , I know 
that one of the Garda Officers was the supervisor of the Garda ' s 
cybercrime unit . 

11 Based on my training, experience, and familiarity with this 
investigation, I know that "raided" is Internet slang for being 
arrested and that "dox" or "doxed" is Internet slang for having 
one ' s true identity being revealed on the Internet . 
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Internet service provider in Ireland as the Palladium IP 
Address, 12 

g. Based on my training, experience, and 
familiarity with the investigation, I know that individuals 
engaged in certain forms of Internet chat, such as some of those 
detailed in this Complaint, may seek to cloak their true 
identities, including their true IP addresses, when engaged in 
online chat sessions. 13 Individual users may do this by using a 
"cloak key" that is unique to each computer network that hosts 
chat forum (s) in which the user participates. A cloak key 
employs an algorithm which uses, among other things, the user's 
IP address to generate a new, "cloaked" loginID . Accordingly, if 
a user with the same IP address logs into the same chat hosting 
computer network, the user' s cloaked loginID should tend to be 
the same , regardless of whatever other aliases the user employs 
in chats . Based on the FBI' s analysis of the chat sessions 
detailed above , it appears that the online nicknames palladium, 
polonium, and anonsacco shared one or more times the same cloaked 
loginID . Accordingly, it appears that these nicknames had been 
accessed from the same IP address and thus the same computer . In 
addition, on several other occasions since in or about June 2011 
up to the present, the nicknames palladium and polonium shared 
loginlDs which had "Donncha" the defendant' s first name -- as 
the associated username . 



Based on my training, experience , and familiarity with the 
investigation, I know that "Internet Service Providers" or 
"ISPs" are assigned sequential blocks of IP address which they 
assign to their customers . 

13 When users log in to particular kinds of online chats , 
including chats discussed in this Complaint , they are often 
identified by information -- separate from any aliases by which 
the user may later identify themselves in chats in the form 
[username] @ [loginID] . The loginID is a string of information, 
which may include the user' s IP address . The username is 
designated by the user . 
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WHEREFORE, deponent prays that a warrant issue for the 



arrest of DONNCHA 0' CEARRBHAIL, a/k/a "palladium, " a/k/a 

"polonium, " a/k/a "anonsacco, " the defendant, and that he be 
imprisoned or bailed as the case may be . 



Sworn to before me this 
6th day of March, 2012 



HON . RONALD L . ELLIS 

UNITED STATES MAGISTRATE JUDGE 

SOUTHERN DISTRICT OF NEW YORK 




SpeciJal Agent 
Federal Bureau of Investigation 
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